safeclib | libu8ident
---|---
8 | 9
311 | 16
- | -
7.0 | 1.8
18 days ago | 10 months ago
C | C
GNU General Public License v3.0 or later | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
safeclib
-
LLVM's Libc Gets Much Faster memcpy For RISC-V
Of course assembler specializations are an anti-pattern, because the optimizer should be fixed to do it much better. Better C code is often 2x faster than hand-optimized assembler.
E.g. my C memcpy with inlined and vectorized clang beats glibc or gcc memcpy in assembler easily. https://github.com/rurban/safeclib/blob/master/tests/perf_me...
-
Site with common coding mistakes that cause security threats with code examples?
+1 This along with https://github.com/rurban/safeclib (and its forks/derivatives).
- Safeclib – C11 Annex K implementation
-
What are the major dialects of C nowadays?
I have yet to look into Annex K. It didn't seem to gain much traction. Some people at Red Hat wrote a field experience report about it. I recently discovered an implementation of Annex K functions that claims to be pretty portable, safeclib.
-
memmove_s?
See my testsuite and remarks at https://github.com/rurban/safeclib/blob/master/doc/libc-overview.md , esp. towards the Windows implementation
- Why does Windows 10 run faster than Fedora?
-
A 100LOC C impl of memset, that is faster than glibc's
I do it because nobody else implemented a secure memset. What they call secure is just avoiding that the compiler ignores it. A secure memset also cleans the caches with a memory barrier, so that Meltdown cannot read it.
explicit_bzero and its numerous variants are not only insecure, but also slow. (bytewise!)
Only safeclib has a secure memset_s. https://github.com/rurban/safeclib/blob/master/tests/perf_me...
libu8ident
- Roaring bitmaps are compressed bitmaps, can be 100x faster
-
International domain names: where does HTTPS://meßagefactory.ca lead you?
In programming languages it's much worse. Identifiers can either be unidentifiable, and if so everybody has a different opinion what "identifiable" means. Even the standard on identifiers, UTF-39, is buggy and has too many interpretations, leading to a complete disaster. https://github.com/rurban/libu8ident/blob/master/doc/c11.md
In punycode domain names it's quite simple still.
With other names, it's even worse. No-one cares. Linkers do not, username and filesystem drivers do not. The Apple HFS+ did care a bit one day, until someone in the higher ranks decided that no-one needs Unicode security anymore and switched the new APFS to unsafe again.
-
Using Unicode in a compiler
No, it's definitely not safe to use unrestricted Unicode in a compiler. See https://github.com/rurban/libu8ident/ for identifier rules, and http://www.unicode.org/reports/tr55/ for much worse problems.
- Ask HN: What interesting problems are you working on? (2022 Edition)
- Unicode Utilities: Confusables
-
How can you be fooled by the U+202E trick?
That's why Unicode published the security guidelines and mechanisms to avoid such attacks. In 2004 already.
The problem is that nobody cared. Browsers invented punycode instead of following TR39, email ditto. But ok, at least something. Java did it, cperl did, Rust did it.
Everybody else is vulnerable. Esp. most other programming languages, filesystems and login systems. https://github.com/rurban/libu8ident/blob/master/doc/c11.md
- Prevent Trojan Source attacks with GCC 12
-
Unicode Normalization Forms: When ö = ö
I'm maintaining such a library.
coreutils, diff, grep, patch, sed and friends all cannot find Unicode strings, they have no string support. They can only mimic filesystems, finding binary garbage. Strings are something different than pure ASCII or BINARY garbage. Strings have an encoding and are Unicode.
Filesystems are even worse because they need to treat filenames as identifiers, but do not. Nobody cares about TR31, TR39, TR36 and so on.
Here is an overview of the sad state of Unicode unsafeties in programming languages: https://github.com/rurban/libu8ident/blob/master/c11.md
- Why does Windows 10 run faster than Fedora?
What are some alternatives?
memset_benchmark - This repository contains high-performance implementations of memset and memcpy in assembly.
Confusables - Simple library for matching a string to another string that is same but has letters that only *look* the same as original string
qemu
featurebase - A crazy fast analytical database, built on bitmaps. Perfect for ML applications. Learn more at: http://docs.featurebase.com/. Start a Docker instance: https://hub.docker.com/r/featurebasedb/featurebase
gcc
libredwg - Official mirror of libredwg. With CI hooks and nightly releases. PR's ok
fancy-memset - small, fast memset based on microsoft's design
nbperf - Improved NetBSD's Perfect Hash Generation Tool v3
copies-and-fills
reals - A lightweight python3 library for arithmetic with real numbers.
fancy-memcmp - small, fast memcmp
ts-pg-orm - Delightful Typescript PostgreSQL ORM